I have an api generated through go-swagger. I am trying to put in a session check it is not firing as I expected. I followed an example that I found in github but didn't seem to work for me.
My code:
// Applies when the "X-Session-Key" header is set
api.SessionKeyHeaderAuth = func(token string) (interface{}, error) {
// test the token
success := routeHandler.HandleSessionHeaderKey(token)
if success{
return nil, nil
}
//We are pessimistic, if they aren't successful then we return a 401
api.Logger("Access attempt with incorrect api key auth: %s", token)
return nil, errors.New(401, "incorrect api key auth")
}
My Yaml (for the endpoint that I am curling):
/auth/logout:
post:
summary: Logs in the user
consumes:
- application/x-www-form-urlencoded
operationId: authLogoutUser
tags:
- auth
description:
Allow users to log out and their session will be terminated
produces:
- application/json
parameters:
- in: header
name: X-Session-Key
type: string
required: true
- in: header
name: X-Profile-Key
type: string
required: true
responses:
200:
description: Login Success
headers:
ProfileKeyHeader:
type: string
description: The key for the profile data
SessionKeyHeader:
type: string
description: The key for the session data
400:
description: Whether the user is not found or error while login, decided on a generic login failure error
schema:
$ref: 'definitions.yaml#/definitions/Error'
429:
description: Too many requests and being throttled
schema:
$ref: 'definitions.yaml#/definitions/Error'
500:
description: Too many requests and being throttled
schema:
$ref: 'definitions.yaml#/definitions/Error'
Any help to see what I did incorrectly would be appreciated.
So, I was being an idiot...
The issue was that I forgot to add Security to my swagger yaml. Once I did that then my function was getting called.
operationId: authLogoutUser
tags:
- auth
description:
Allow users to log out and their session will be terminated
produces:
- application/json
security:
- SessionKeyHeader: []
Related
I'm using go-swagger for generating swagger file for our apis
I've been trying to add comments for an api that is used to upload a single file but the annotations for file and form data simply is not working
here is the comments for the said api
// swagger:route POST /admin/upload Files uploadFile
//
// Upload a file.
//
//
// Consumes:
// - multipart/form-data
//
// Produces:
// - application/json
//
// Schemes: https
//
// Deprecated: false
//
//
// Parameters:
// + name: Authorization
// in: header
// required: true
// type: string
//
// + name: file
// in: formData
// required: true
// type: file
//
// Responses:
// 200: StatusOK
// 403: Error
the generated swagger file for this:
/admin/upload:
post:
consumes:
- multipart/form-data
operationId: uploadFile
parameters:
- in: header
name: Authorization
required: true
type: string
- name: file
required: true
type: object
produces:
- application/json
responses:
"200":
description: StatusOK
schema:
$ref: '#/definitions/StatusOK'
"403":
description: Error
schema:
$ref: '#/definitions/Error'
schemes:
- https
summary: Upload a file.
tags:
- Files
as you can see it changes the file parameter type to object
anyone has any idea how I can fix this?
Our API returns various response codes. For some response codes 4xx and above, a body may be returned. For example, an HTTP response code of 400 may be returned in several different cases described in the business logic, in some cases the response may contain a body, and in some cases the body may be completely absent.
My question is - how can I describe in the specification a situation where, for the same HTTP response code, for example, for HTTP 400, the API can return a response body or there can be no response body at all?
Addition. I am trying to describe the HTTP response code for the same endpoint.
Examples:
The response contains a body:
'400':
description: Bad Request
content:
application/json:
schema:
$ref: some_ref_here
examples:
example-1:
value:
message:
title: This email address cannot be used
detail: Use a different email address.
severity: error
headers:
Content-Type:
schema:
type: string
description: Some description.
Cache-Control:
schema:
type: string
description: Some description.
Pragma:
schema:
type: string
description: Some description.
The response does not contain a body:
'400':
description: Bad Request
headers:
Content-Type:
schema:
type: string
description: Some description.
Cache-Control:
schema:
type: string
description: Some description.
Pragma:
schema:
type: string
description: Some description.
I'm trying to specify for a 400 HTTP code that it can either contain content, or content can be completely absent.
That's the default. If the responses 'content' field is absent, it won't be validated against the provided response.
On the other hand, if you want to indicate that a response body must be present, you can do that indirectly by checking for a non-empty Content-Length or Content-Type header.
Swagger ignoring required fields in body of POST request.
Steps to reproduce:
Describe swaggerfile
swagger: "2.0"
info:
title: Sample API
description: API description in Markdown.
version: 1.0.0
host: api.example.com
schemes:
- http
paths:
/users:
post:
operationId: UserCreate
parameters:
- name: body
in: body
required: true
schema:
allOf:
- $ref: "#/definitions/ID"
- $ref: "#/definitions/User_object"
- type: object
required: # HERE! IT IS NOT WORKING
- ID
- genderCode
- birthDate
- code
produces:
- application/json
consumes:
- application/json
responses:
200:
description: "OK"
definitions:
ID:
title: ID
properties:
GUID:
type: string
description: "ID"
format: uuid
User_object:
title: User_object
properties:
genderCode:
type: string
birthDate:
type: string
format: date
code:
type: string
Generate api
swagger generate server -f swaggerfile.yaml -t api
Describe single handler:
api.UserCreateHandler = operations.UserCreateHandlerFunc(func(params operations.UserCreateParams) middleware.Responder {
return middleware.NotImplemented("MUST NOT BE PRINTED")
})
Make a request to generated api:
curl -X POST -H "Content-Type: application/json" -d '{"foo":"bar"}' localhost:{{host}}/users
Expected result:
400 Bad Request
Given result:
501 MUST NOT BE PRINTED
My personal workaround is
api.UserCreateHandler = operations.UserCreateHandlerFunc(func(params operations.UserCreateParams) middleware.Responder {
if params.Body.UserObject == (models.UserObject{}) {
return //... your BAD REQUEST type
}
return middleware.NotImplemented("MUST NOT BE PRINTED")
})
I have a swagger.yaml something like this:
swagger: "2.0"
paths:
/something:
get:
parameters:
- name: format
in: query
type: string
pattern: '^(csv|json|xml)$'
responses:
200:
schema:
type: ?
And I want to return different formats (csv, json, xml) depending on the value of the format query parameter (eg. localhost/api/something?format=csv).
How can I specify the different response formats in the spec?
I found a workaround, by providing different endpoints:
swagger: "2.0"
paths:
/something/json:
get:
produces:
- application/json
responses:
200:
schema:
type: object
properties:
...
/something/csv:
get:
produces:
- text/csv
responses:
200:
schema:
type: string
Note the different produces: inside each get, and none at the top level.
The actual response header for the csv endpoint is:
Content-Length:64
Content-Type:text/csv; charset=utf-8
Date:Fri, 26 Aug 2016
I have also tried adding headers to the yaml (straight after the code above), but it doesn't change the actual response header:
headers:
Content-type:
type: string
description: text/csv; charset=utf-8
Content-Disposition:
type: string
description: attachment; filename=data.csv
At either endpoint I get a console message (I am building this using connexion):
Resource interpreted as Document but transferred with MIME type application/json, or
Resource interpreted as Document but transferred with MIME type text/csv
Also, the csv is interpreted as a file to download, not displayed in the browser.
...so I suspect I haven't quite got it right yet.
I am loving how RAML can dynamically reference different schemas when declaring a resourceType like:
resourceTypes:
- collection:
get:
responses:
200:
body:
application/json:
schema: <<schema>>
post:
body:
application/json:
schema: <<schema>>Create
responses:
200:
body:
application/json:
schema: <<schema>>
Here I am able to use this like
/users:
type: { collection: { schema: user } }
and RAML will give me user schema responses from GETs and POSTs and also use the userCreate schema for sending POST requests. Cool! Now I can reuse my collection definition with tons of different schemas.
But now that I want to have example json for everything too, I was hoping to utilize the <<schema>> var in another way to leverage "code reuse". I was hoping to be able to do
resourceTypes:
- collection:
get:
responses:
200:
body:
application/json:
schema: <<schema>>
example: examples/v1-<<schema>>.json
post:
body:
application/json:
schema: <<schema>>Create
example: examples/v1-<<schema>>-create.json
responses:
200:
body:
application/json:
schema: <<schema>>
example: examples/v1-<<schema>>.json
but unfortunately this does not work. I get an error saying
error: File with path "/examples/v1-%3C%3Cschema%3E%3E.json" does not exist
So now I have resorted to manually adding this to all my collections and the /users example above has become
/users:
type: { collection: { schema: user } }
get:
responses:
200:
body:
application/json:
example: !include examples/v1-user.json
post:
body:
application/json:
example: !include examples/v1-user-create.json
responses:
200:
body:
application/json:
example: !include examples/v1-user.json
To me, this is a LOT of overhead just to add examples. Especially when I want to repeat the pattern over many resources.
The question: Is there a way to accomplish this?
No, this is not allowed in RAML 0.8 according to the spec. It might be allowed in future versions though.
Since RAML is just a standard, I first would ask: Who/What is throwing that error? (I mean, what tool are you using?)
Plus: Are you sure about the example (the first one)? It's not using !include, so, should not be even intending to reach that inexistent file (I'm assumed that you are using !includes in your original script but omitted that when copying here).
Additionally, and I know you are not asking for this, but just in case:
- You could pass 2 parameters (as a workaround), one for the schema and another for the example (it's still overhead but not THAT hardcoded).
- Do you know about the reserved parameters? Using that + "singularize" or "pluralize" depending the case, could also help you in your reuse enterprise ;) Take a look at http://raml.org/docs-200.html#parameters